Media reports of a purported breach of crucial data of most, if not all the, beneficiaries, meaning most of the Indians citizens who got vaccinated for Covid, or nearly a billion-odd people, are not only unfortunate if found to be true, but also raise a serious issue concerning the trust of all citizens sharing any data with the government across a plethora of applications, many of which are legally mandatory.
According to these media reports, a Telegram bot gave away sensitive details, like names, date of birth, phone numbers, Aadhaar numbers and other details which people provided to the CoWIN app at the time of registration for the Covid-19 vaccination. The bot also reportedly leaked the passport numbers of people who had used them while booking Covid vaccination slots.
The leak, if found to be true after a probe, is a big cybercrime, a violation of the right to privacy, which the Supreme Court recognised as one of the fundamental rights that the Constitution guarantees to all people.
Fortunately, understanding the seriousness of the allegations, the Central government reacted with alacrity, with minister of state for electronics and information technology Rajeev Chandrasekhar telling the media that as per the early findings of the Indian Computer Emergency Response Team (CERT-In), a nodal national cyber security agency, the CoWIN portal was not “directly breached”, as contrary to the media claims and reports.
But, instead of ending the controversy, the minister’s guarded and technical-sounding response has raised more doubts about the safety of people’s data with different public and government agencies. It could be construed from it that an indirect breach of data might indeed have been possible.
It does not matter to citizens who are exposed to the cyber-world whether their private data was “leaked directly or indirectly” from the CoWIN app. The only important thing is the purported availability of people’s data in the public domain.
It is, of course, not the first time that such a leak was reported in news reports. In June 2021, a hacker group named Dark Leak Market had purportedly claimed that it had the database of about 15 crore Indians who had registered themselves on the CoWIN portal.
As more and more people, including those having meagre incomes, opt for financial transactions using the United Payments Interface (UPI), any compromise of data security could expose people’s hard-earned money to fraudsters and hackers. India has been globally recognised as a leader in transforming into a nation rapidly adopting digital modes of interactions.
India tops the world in terms of digital payments, beating world leaders like China and the United States. In 2022, India recorded 89.5 million digital transactions as people grew comfortable with UPI apps. Any breach of sensitive data could raise questions about the safety of digital payments and harm the trust that the government has built among people for digital payments. The government should, therefore, take firm action to ensure that people's data is protected.
The government must get every single aspect of this reported breach probed and ensure it plugs all loopholes, including in third-party apps that might have been authorised to deal with CoWIN, and in every other government app. No criminal must be able to threaten Digital India, and its citizens.
